
Finally figured out how to use a GPG key for SSH authentication

@mayli I looked into it, and you can indeed use X.509 certificates for SSH authentication, but it feels rather cumbersome :0520:

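@hcl Hmm, shouldn't the step of exporting the public key and putting it on the server be moved to the very beginning? Otherwise you might not be able to get in once the configuration is done?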

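@AstroProfundis As I understand it, the question is: after replacing ssh-agent with gpg-agent, if the private key provided by gpg-agent has no corresponding public key on the remote host, will authentication fail so that you cannot log in to the remote host?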

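The result I got from testing is that it won't. When ssh is doing key exchange with the remote host, if it finds that authentication through gpg-agent fails (for example, the unlock passphrase for the gpg key was entered incorrectly), it should fall back to reading the private keys in ~/.ssh.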

SN.Angry.Im
